Vulnerability CVE-2018-1000840


Published: 2018-12-20

Description:
Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use Processing to parse a crafted XML document.

Type:

CWE-611

(Information Exposure Through XML External Entity Reference)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Processing -> Processing 

 References:
https://github.com/processing/processing/issues/5706
https://twitter.com/ben_fry/status/1054333613465059329

Copyright 2024, cxsecurity.com

 

Back to Top